17 – 21 July 2017
Read Cognosec’s round up of relevant news and happenings within the industry this week.
In the news this week…
Businesses failing to protect their networks from potential threats by ex-employees
More than half of former employees are still able to access corporate networks after they have left a company, according to a survey reported in Infosecurity magazine. The survey, which questioned 600 UK IT decision-makers, discovered that a large proportion of businesses are failing to adequately protect their networks from threats posed by ex-employees. It also found that 24 percent of UK companies have suffered data breaches by former members of staff. Moreover, 92 percent were spending up to an hour on manually deprovisioning past workers from every corporate application and a further 50 percent were not using automated deprovisioning technology to cut off access as soon as an employee leaves a business. As a result, over a quarter of former employee’s corporate accounts remain active for a month or more.
Major cyber-attack could cost the global economy over $120bn
According to a report published by Lloyds of London, a major cyber-attack could cost more than $120bn, equivalent to the damage caused by Hurricane Katrina in 2005. The report suggests the threat of global attacks poses a significant risk to businesses and governments over the next decade. It believes the most likely form of an attack is a malicious hack that brings down a cloud service provider. This could create an average loss of $53bn however, this figure could be as high as $121bn. The Lloyds of London report believes the ‘mass software vulnerability scenario’ is also a likely threat. In this situation, the threat could originate from attacks on computer operating systems run by large numbers of businesses around the world. The report estimates that this could cause loses of up to $28.7bn.
FedEx confirms NotPetya cyber-attack will negatively impact its 2017 financial results
FedEx has confirmed that last month’s NotPetya cyber-attack on its subsidiary TNT Express has “likely” had a material impact, with its customers “still experiencing widespread service and invoicing delays”. The parcel delivery company revealed it had “experienced loss of revenue due to decreased volumes at TNT and incremental costs associated with the implementation of contingency plans and the remediation of affected systems”. FedEx believes that it is possible that TNT will be unable to fully restore all the affected systems and recover all of the critical business data encrypted by the virus. The company does not have “cyber or other insurance in place that covers this attack”.
UK energy sector ‘likely to have been compromised’ by hackers reveals memo
A leaked memo from Britain’s National Cybersecurity Centre reveals Industrial Control System engineering and services organizations in the UK are "likely to have been compromised" by hackers. According to technology website Motherboard, the memo states: "The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors.” According to the report, the activity is also targeting engineering, industrial control and water companies. The recent spate of activity is said to have occurred since the 8 June 2017. The report suggests that it is “likely to have been compromised” due to wide-spread targeting by the attacker. The memo follows reports in The Times that hackers affected Ireland’s Electricity Supply Board (ESB).
Top three issues concerning CISCOs in 2017
A new survey has revealed GDPR, security awareness and cloud security strategy are the top three issues concerning CISOs in 2017. The survey also revealed 78 percent of company boards still place their focus on prevention capabilities rather than response, despite 63 percent regarding data breach response as a major responsibility. The survey analysis goes on to question if company boards have their information security priorities in the wrong order.